Consider deprecating `X-XSS-Protection` header DSL #10777

marcusdacoregio · 2022-01-24T11:17:07Z

This header has been deprecated by modern browsers and its use can introduce additional security issues on the client side. See https://owasp.org/www-project-secure-headers/#x-xss-protection

jzheaux · 2022-01-24T20:28:17Z

This seems related to #9631.

marcusdacoregio · 2022-01-24T20:36:07Z

Closing as duplicate of #9631

marcusdacoregio added status: waiting-for-triage An issue we've not yet triaged in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement labels Jan 24, 2022

marcusdacoregio added this to the 6.x milestone Jan 24, 2022

eleftherias removed the status: waiting-for-triage An issue we've not yet triaged label Jan 24, 2022

marcusdacoregio closed this as completed Jan 24, 2022

marcusdacoregio added the status: duplicate A duplicate of another issue label Jan 28, 2022

marcusdacoregio removed this from the 6.x milestone Jan 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Consider deprecating `X-XSS-Protection` header DSL #10777

Consider deprecating `X-XSS-Protection` header DSL #10777

marcusdacoregio commented Jan 24, 2022

jzheaux commented Jan 24, 2022

marcusdacoregio commented Jan 24, 2022

Consider deprecating X-XSS-Protection header DSL #10777

Consider deprecating X-XSS-Protection header DSL #10777

Comments

marcusdacoregio commented Jan 24, 2022

jzheaux commented Jan 24, 2022

marcusdacoregio commented Jan 24, 2022

Consider deprecating `X-XSS-Protection` header DSL #10777

Consider deprecating `X-XSS-Protection` header DSL #10777